by Derek Irvine
It seems we hear about more breaches of companies’ customers’ personal or financial information nearly every month. When companies suffer security breaches, costs are significant, but financial losses can be recouped. It’s much harder to recover from the loss of consumer trust and loyalty. As Will Roger says, “It takes a lifetime to build a good reputation, but you can lose it in a minute.” A customer’s identity theft following a trip to their favorite big box store, for example, may make them reconsider where they shop.
Some of these cybersecurity breaches come from outsider hackers, but it is not uncommon to hear about breaches of security coming from company contractors, employees, or outsiders with employee assistance. In fact the Online Trust Alliance found that, in the first half of last year, “nearly a third of all data breaches…came from an internal actor and 90 per cent were preventable.”
Hacks as large as at Sony and this weekend’s at Ashley Madison are suspected as inside jobs. The breaches caused by Edward Snowden and leaks of US government security documents are still world news. Whether you agree with the above employers’ missions or not, it’s apparent that employee loyalty is more important than ever.
What are some of the things companies can do to protect their customers’ data?
- Spend millions in cybersecurity software
- Hire outside consultants or beef up internal IT departments
- Increase employee engagement
If you didn’t check that last bullet, you’re missing out on a low-cost, high-impact opportunity. Even Bloomberg admits, “Companies’ worst hacking threat may be their own workers.”
Disgruntled employees or employees that do not buy into the company mission are not just flight risks, they’re cybersecurity risks. They can either perform the hacking themselves or collaborate with outsiders to access your company’s information. That’s how important employee loyalty, buy-in, and engagement is to companies.
Lucy L.M. Phillips, Managing Director and Employee Engagement and Change Communications Practice Lead, at FTI Consulting suggests using these tactics to make data security part of company culture (quoting below):
- Clarify the business risk.
- Align with values and culture.
- Involve employees directly in solutions.
- Partner with the compliance and IT teams.
Phillips explains, “Creating a culture where employees respect data and are motivated to protect the business is critical to cyber security.”
So, if time you are looking to enhance cybersecurity in your company, take a second look at your employee engagement and satisfaction levels. You may have invested in better security software, but have your employee engagement practices gotten with the program?
- Worried about Information Security? Study Says Focus on Employee Engagement
- Let’s Talk Confidential Information And Trade Secrets
- Strong employee Engagement is the First Line of Data Defense Against Cyber Crime